diff options
| author |   Ramesh Parthasarathy <ramesh.parthasarathy@att.com> | 2019-11-21 02:04:03 +0000 |
|---|---|---|
| committer | Ramesh Parthasarathy <ramesh.parthasarathy@att.com> | 2019-11-21 04:47:42 +0000 |
| commit | 837beb73d7aa6e8f7e4e932ac71e59663b868992 (patch) | |
| tree | a0cc058f5dd9a6df9a0bab9f1d4ec28c7f99700e | |
| parent | 70c24f9edcb8351ca8f184294c0815db5eba1904 (diff) | |
Added AAF Integration related changes
Created two profiles for the application
to run. Basic profile will allow the
application to run in the current
spring security authentication. AAF profile
will authenticate and authorize requests with
AAF. if no profile is given, it will fallback
to basic.
Change-Id: I2576f02e7afca3c10e02aaffef66a60fa1c4dd1a
Issue-ID: SO-2451
Signed-off-by: Ramesh Parthasarathy(rp6768)<ramesh.parthasarathy@att.com>
55 files changed, 1888 insertions, 127 deletions
diff --git a/adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/SecurityFilters.java b/adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/SecurityFilters.java new file mode 100644 index 0000000000..040723501b --- /dev/null +++ b/adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/SecurityFilters.java @@ -0,0 +1,41 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP - SO + * ================================================================================ + * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.so.adapters.catalogdb; + +import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.core.Ordered; + +@Configuration +@Profile("aaf") +public class SecurityFilters { + + @Bean + public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() { + FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>(); + filterRegistrationBean.setFilter(new SoCadiFilter()); + filterRegistrationBean.setName("cadiFilter"); + filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE); + return filterRegistrationBean; + } +} diff --git a/adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/SoCadiFilter.java b/adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/SoCadiFilter.java new file mode 100644 index 0000000000..e7e360d444 --- /dev/null +++ b/adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/SoCadiFilter.java @@ -0,0 +1,117 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP SO + * ================================================================================ + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights + * reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END============================================ + * =================================================================== + * + */ +package org.onap.so.adapters.catalogdb; + +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.filter.CadiFilter; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Profile; +import org.springframework.stereotype.Component; + +@Component +@Profile("aaf") +public class SoCadiFilter extends CadiFilter { + + protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class); + + private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT"; + private static String AAF_API_VERSION = "aaf_api_version"; + + @Value("${mso.config.cadi.cadiLoglevel:#{null}}") + private String cadiLoglevel; + + @Value("${mso.config.cadi.cadiKeyFile:#{null}}") + private String cadiKeyFile; + + @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}") + private String cadiTrustStorePassword; + + @Value("${mso.config.cadi.cadiTrustStore:#{null}}") + private String cadiTrustStore; + + @Value("${mso.config.cadi.cadiLatitude:#{null}}") + private String cadiLatitude; + + @Value("${mso.config.cadi.cadiLongitude:#{null}}") + private String cadiLongitude; + + @Value("${mso.config.cadi.aafEnv:#{null}}") + private String aafEnv; + + @Value("${mso.config.cadi.aafApiVersion:#{null}}") + private String aafApiVersion; + + @Value("${mso.config.cadi.aafRootNs:#{null}}") + private String aafRootNs; + + @Value("${mso.config.cadi.aafId:#{null}}") + private String aafMechId; + + @Value("${mso.config.cadi.aafPassword:#{null}}") + private String aafMechIdPassword; + + @Value("${mso.config.cadi.aafLocateUrl:#{null}}") + private String aafLocateUrl; + + @Value("${mso.config.cadi.aafUrl:#{null}}") + private String aafUrl; + + @Value("${mso.config.cadi.apiEnforcement:#{null}}") + private String apiEnforcement; + + private void checkIfNullProperty(String key, String value) { + /* + * When value is null, it is not defined in application.yaml set nothing in System properties + */ + if (value != null) { + System.setProperty(key, value); + } + } + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel); + checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile); + checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore); + checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword); + checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude); + checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude); + checkIfNullProperty(Config.AAF_ENV, aafEnv); + checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion); + checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs); + checkIfNullProperty(Config.AAF_APPID, aafMechId); + checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword); + checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl); + checkIfNullProperty(Config.AAF_URL, aafUrl); + checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement); + // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv); + logger.debug(" *** init Filter Config *** "); + super.init(filterConfig); + } + + +} diff --git a/adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/WebSecurityConfigImpl.java b/adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/WebSecurityConfigImpl.java index 1d58975e6b..8cadb00f8f 100644 --- a/adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/WebSecurityConfigImpl.java +++ b/adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/WebSecurityConfigImpl.java @@ -24,27 +24,57 @@ package org.onap.so.adapters.catalogdb; import org.onap.so.security.MSOSpringFirewall; import org.onap.so.security.WebSecurityConfig; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.firewall.StrictHttpFirewall; import org.springframework.util.StringUtils; +@Configuration @EnableWebSecurity public class WebSecurityConfigImpl extends WebSecurityConfig { - @Override - protected void configure(HttpSecurity http) throws Exception { - http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() - .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and() - .httpBasic(); + @Profile({"basic", "test"}) + @Bean + public WebSecurityConfigurerAdapter basicAuth() { + return new WebSecurityConfigurerAdapter() { + @Override + protected void configure(HttpSecurity http) throws Exception { + http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() + .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and() + .httpBasic(); + } + + @Override + public void configure(WebSecurity web) throws Exception { + super.configure(web); + StrictHttpFirewall firewall = new MSOSpringFirewall(); + web.httpFirewall(firewall); + } + + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService()) + .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder()); + } + + }; } - @Override - public void configure(WebSecurity web) throws Exception { - super.configure(web); - StrictHttpFirewall firewall = new MSOSpringFirewall(); - web.httpFirewall(firewall); + @Profile("aaf") + @Bean + public WebSecurityConfigurerAdapter noAuth() { + return new WebSecurityConfigurerAdapter() { + @Override + protected void configure(HttpSecurity http) throws Exception { + http.csrf().disable().authorizeRequests().anyRequest().permitAll(); + } + }; } } diff --git a/adapters/mso-catalog-db-adapter/src/main/resources/application-aaf.yaml b/adapters/mso-catalog-db-adapter/src/main/resources/application-aaf.yaml new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/adapters/mso-catalog-db-adapter/src/main/resources/application-aaf.yaml diff --git a/adapters/mso-catalog-db-adapter/src/main/resources/application-basic.yaml b/adapters/mso-catalog-db-adapter/src/main/resources/application-basic.yaml new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/adapters/mso-catalog-db-adapter/src/main/resources/application-basic.yaml diff --git a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/SecurityFilters.java b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/SecurityFilters.java new file mode 100644 index 0000000000..cbe619e8a0 --- /dev/null +++ b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/SecurityFilters.java @@ -0,0 +1,41 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP - SO + * ================================================================================ + * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.so.adapters.openstack; + +import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.core.Ordered; + +@Configuration +@Profile("aaf") +public class SecurityFilters { + + @Bean + public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() { + FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>(); + filterRegistrationBean.setFilter(new SoCadiFilter()); + filterRegistrationBean.setName("cadiFilter"); + filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE); + return filterRegistrationBean; + } +} diff --git a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/SoCadiFilter.java b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/SoCadiFilter.java new file mode 100644 index 0000000000..d9901b75ed --- /dev/null +++ b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/SoCadiFilter.java @@ -0,0 +1,117 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP SO + * ================================================================================ + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights + * reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END============================================ + * =================================================================== + * + */ +package org.onap.so.adapters.openstack; + +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.filter.CadiFilter; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Profile; +import org.springframework.stereotype.Component; + +@Component +@Profile("aaf") +public class SoCadiFilter extends CadiFilter { + + protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class); + + private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT"; + private static String AAF_API_VERSION = "aaf_api_version"; + + @Value("${mso.config.cadi.cadiLoglevel:#{null}}") + private String cadiLoglevel; + + @Value("${mso.config.cadi.cadiKeyFile:#{null}}") + private String cadiKeyFile; + + @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}") + private String cadiTrustStorePassword; + + @Value("${mso.config.cadi.cadiTrustStore:#{null}}") + private String cadiTrustStore; + + @Value("${mso.config.cadi.cadiLatitude:#{null}}") + private String cadiLatitude; + + @Value("${mso.config.cadi.cadiLongitude:#{null}}") + private String cadiLongitude; + + @Value("${mso.config.cadi.aafEnv:#{null}}") + private String aafEnv; + + @Value("${mso.config.cadi.aafApiVersion:#{null}}") + private String aafApiVersion; + + @Value("${mso.config.cadi.aafRootNs:#{null}}") + private String aafRootNs; + + @Value("${mso.config.cadi.aafId:#{null}}") + private String aafMechId; + + @Value("${mso.config.cadi.aafPassword:#{null}}") + private String aafMechIdPassword; + + @Value("${mso.config.cadi.aafLocateUrl:#{null}}") + private String aafLocateUrl; + + @Value("${mso.config.cadi.aafUrl:#{null}}") + private String aafUrl; + + @Value("${mso.config.cadi.apiEnforcement:#{null}}") + private String apiEnforcement; + + private void checkIfNullProperty(String key, String value) { + /* + * When value is null, it is not defined in application.yaml set nothing in System properties + */ + if (value != null) { + System.setProperty(key, value); + } + } + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel); + checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile); + checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore); + checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword); + checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude); + checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude); + checkIfNullProperty(Config.AAF_ENV, aafEnv); + checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion); + checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs); + checkIfNullProperty(Config.AAF_APPID, aafMechId); + checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword); + checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl); + checkIfNullProperty(Config.AAF_URL, aafUrl); + checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement); + // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv); + logger.debug(" *** init Filter Config *** "); + super.init(filterConfig); + } + + +} diff --git a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/WebSecurityConfigImpl.java b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/WebSecurityConfigImpl.java index 97e43d9828..ddae887103 100644 --- a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/WebSecurityConfigImpl.java +++ b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/WebSecurityConfigImpl.java @@ -24,27 +24,57 @@ package org.onap.so.adapters.openstack; import org.onap.so.security.MSOSpringFirewall; import org.onap.so.security.WebSecurityConfig; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.firewall.StrictHttpFirewall; import org.springframework.util.StringUtils; +@Configuration @EnableWebSecurity public class WebSecurityConfigImpl extends WebSecurityConfig { - @Override - protected void configure(HttpSecurity http) throws Exception { - http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() - .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and() - .httpBasic(); + @Profile({"basic", "test"}) + @Bean + public WebSecurityConfigurerAdapter basicAuth() { + return new WebSecurityConfigurerAdapter() { + @Override + protected void configure(HttpSecurity http) throws Exception { + http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() + .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and() + .httpBasic(); + } + + @Override + public void configure(WebSecurity web) throws Exception { + super.configure(web); + StrictHttpFirewall firewall = new MSOSpringFirewall(); + web.httpFirewall(firewall); + } + + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService()) + .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder()); + } + + }; } - @Override - public void configure(WebSecurity web) throws Exception { - super.configure(web); - StrictHttpFirewall firewall = new MSOSpringFirewall(); - web.httpFirewall(firewall); + @Profile("aaf") + @Bean + public WebSecurityConfigurerAdapter noAuth() { + return new WebSecurityConfigurerAdapter() { + @Override + protected void configure(HttpSecurity http) throws Exception { + http.authorizeRequests().anyRequest().permitAll(); + } + }; } } diff --git a/adapters/mso-openstack-adapters/src/main/resources/application-aaf.yaml b/adapters/mso-openstack-adapters/src/main/resources/application-aaf.yaml new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/adapters/mso-openstack-adapters/src/main/resources/application-aaf.yaml diff --git a/adapters/mso-openstack-adapters/src/main/resources/application-basic.yaml b/adapters/mso-openstack-adapters/src/main/resources/application-basic.yaml new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/adapters/mso-openstack-adapters/src/main/resources/application-basic.yaml diff --git a/adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/WebSecurityConfigImpl.java b/adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/WebSecurityConfigImpl.java index b8bada298e..6cd7462299 100644 --- a/adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/WebSecurityConfigImpl.java +++ b/adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/WebSecurityConfigImpl.java @@ -24,27 +24,57 @@ package org.onap.so.adapters.requestsdb; import org.onap.so.security.MSOSpringFirewall; import org.onap.so.security.WebSecurityConfig; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.firewall.StrictHttpFirewall; import org.springframework.util.StringUtils; +@Configuration @EnableWebSecurity public class WebSecurityConfigImpl extends WebSecurityConfig { - @Override - protected void configure(HttpSecurity http) throws Exception { - http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() - .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and() - .httpBasic(); + @Profile({"basic", "test"}) + @Bean + public WebSecurityConfigurerAdapter basicAuth() { + return new WebSecurityConfigurerAdapter() { + @Override + protected void configure(HttpSecurity http) throws Exception { + http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info", "/services") + .permitAll().antMatchers("/**") + .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic(); + } + + @Override + public void configure(WebSecurity web) throws Exception { + super.configure(web); + StrictHttpFirewall firewall = new MSOSpringFirewall(); + web.httpFirewall(firewall); + } + + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService()) + .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder()); + } + + }; } - @Override - public void configure(WebSecurity web) throws Exception { - super.configure(web); - StrictHttpFirewall firewall = new MSOSpringFirewall(); - web.httpFirewall(firewall); + @Profile("aaf") + @Bean + public WebSecurityConfigurerAdapter noAuth() { + return new WebSecurityConfigurerAdapter() { + @Override + protected void configure(HttpSecurity http) throws Exception { + http.authorizeRequests().anyRequest().permitAll(); + } + }; } } diff --git a/adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/application/SecurityFilters.java b/adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/application/SecurityFilters.java new file mode 100644 index 0000000000..a422e6a60d --- /dev/null +++ b/adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/application/SecurityFilters.java @@ -0,0 +1,41 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP - SO + * ================================================================================ + * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.so.adapters.requestsdb.application; + +import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.core.Ordered; + +@Configuration +@Profile("aaf") +public class SecurityFilters { + + @Bean + public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() { + FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>(); + filterRegistrationBean.setFilter(new SoCadiFilter()); + filterRegistrationBean.setName("cadiFilter"); + filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE); + return filterRegistrationBean; + } +} diff --git a/adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/application/SoCadiFilter.java b/adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/application/SoCadiFilter.java new file mode 100644 index 0000000000..5e6ced077b --- /dev/null +++ b/adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/application/SoCadiFilter.java @@ -0,0 +1,117 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP SO + * ================================================================================ + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights + * reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END============================================ + * =================================================================== + * + */ +package org.onap.so.adapters.requestsdb.application; + +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.filter.CadiFilter; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Profile; +import org.springframework.stereotype.Component; + +@Component +@Profile("aaf") +public class SoCadiFilter extends CadiFilter { + + protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class); + + private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT"; + private static String AAF_API_VERSION = "aaf_api_version"; + + @Value("${mso.config.cadi.cadiLoglevel:#{null}}") + private String cadiLoglevel; + + @Value("${mso.config.cadi.cadiKeyFile:#{null}}") + private String cadiKeyFile; + + @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}") + private String cadiTrustStorePassword; + + @Value("${mso.config.cadi.cadiTrustStore:#{null}}") + private String cadiTrustStore; + + @Value("${mso.config.cadi.cadiLatitude:#{null}}") + private String cadiLatitude; + + @Value("${mso.config.cadi.cadiLongitude:#{null}}") + private String cadiLongitude; + + @Value("${mso.config.cadi.aafEnv:#{null}}") + private String aafEnv; + + @Value("${mso.config.cadi.aafApiVersion:#{null}}") + private String aafApiVersion; + + @Value("${mso.config.cadi.aafRootNs:#{null}}") + private String aafRootNs; + + @Value("${mso.config.cadi.aafId:#{null}}") + private String aafMechId; + + @Value("${mso.config.cadi.aafPassword:#{null}}") + private String aafMechIdPassword; + + @Value("${mso.config.cadi.aafLocateUrl:#{null}}") + private String aafLocateUrl; + + @Value("${mso.config.cadi.aafUrl:#{null}}") + private String aafUrl; + + @Value("${mso.config.cadi.apiEnforcement:#{null}}") + private String apiEnforcement; + + private void checkIfNullProperty(String key, String value) { + /* + * When value is null, it is not defined in application.yaml set nothing in System properties + */ + if (value != null) { + System.setProperty(key, value); + } + } + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel); + checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile); + checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore); + checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword); + checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude); + checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude); + checkIfNullProperty(Config.AAF_ENV, aafEnv); + checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion); + checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs); + checkIfNullProperty(Config.AAF_APPID, aafMechId); + checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword); + checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl); + checkIfNullProperty(Config.AAF_URL, aafUrl); + checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement); + // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv); + logger.debug(" *** init Filter Config *** "); + super.init(filterConfig); + } + + +} diff --git a/adapters/mso-requests-db-adapter/src/main/resources/application-aaf.yaml b/adapters/mso-requests-db-adapter/src/main/resources/application-aaf.yaml new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/adapters/mso-requests-db-adapter/src/main/resources/application-aaf.yaml diff --git a/adapters/mso-requests-db-adapter/src/main/resources/application-basic.yaml b/adapters/mso-requests-db-adapter/src/main/resources/application-basic.yaml new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/adapters/mso-requests-db-adapter/src/main/resources/application-basic.yaml diff --git a/adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/SecurityFilters.java b/adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/SecurityFilters.java new file mode 100644 index 0000000000..c615440ff6 --- /dev/null +++ b/adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/SecurityFilters.java @@ -0,0 +1,41 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP - SO + * ================================================================================ + * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.so.adapters.sdnc; + +import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.core.Ordered; + +@Configuration +@Profile("aaf") +public class SecurityFilters { + + @Bean + public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() { + FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>(); + filterRegistrationBean.setFilter(new SoCadiFilter()); + filterRegistrationBean.setName("cadiFilter"); + filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE); + return filterRegistrationBean; + } +} diff --git a/adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/SoCadiFilter.java b/adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/SoCadiFilter.java new file mode 100644 index 0000000000..1e5647097c --- /dev/null +++ b/adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/SoCadiFilter.java @@ -0,0 +1,117 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP SO + * ================================================================================ + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights + * reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END============================================ + * =================================================================== + * + */ +package org.onap.so.adapters.sdnc; + +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.filter.CadiFilter; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Profile; +import org.springframework.stereotype.Component; + +@Component +@Profile("aaf") +public class SoCadiFilter extends CadiFilter { + + protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class); + + private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT"; + private static String AAF_API_VERSION = "aaf_api_version"; + + @Value("${mso.config.cadi.cadiLoglevel:#{null}}") + private String cadiLoglevel; + + @Value("${mso.config.cadi.cadiKeyFile:#{null}}") + private String cadiKeyFile; + + @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}") + private String cadiTrustStorePassword; + + @Value("${mso.config.cadi.cadiTrustStore:#{null}}") + private String cadiTrustStore; + + @Value("${mso.config.cadi.cadiLatitude:#{null}}") + private String cadiLatitude; + + @Value("${mso.config.cadi.cadiLongitude:#{null}}") + private String cadiLongitude; + + @Value("${mso.config.cadi.aafEnv:#{null}}") + private String aafEnv; + + @Value("${mso.config.cadi.aafApiVersion:#{null}}") + private String aafApiVersion; + + @Value("${mso.config.cadi.aafRootNs:#{null}}") + private String aafRootNs; + + @Value("${mso.config.cadi.aafId:#{null}}") + private String aafMechId; + + @Value("${mso.config.cadi.aafPassword:#{null}}") + private String aafMechIdPassword; + + @Value("${mso.config.cadi.aafLocateUrl:#{null}}") + private String aafLocateUrl; + + @Value("${mso.config.cadi.aafUrl:#{null}}") + private String aafUrl; + + @Value("${mso.config.cadi.apiEnforcement:#{null}}") + private String apiEnforcement; + + private void checkIfNullProperty(String key, String value) { + /* + * When value is null, it is not defined in application.yaml set nothing in System properties + */ + if (value != null) { + System.setProperty(key, value); + } + } + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel); + checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile); + checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore); + checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword); + checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude); + checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude); + checkIfNullProperty(Config.AAF_ENV, aafEnv); + checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion); + checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs); + checkIfNullProperty(Config.AAF_APPID, aafMechId); + checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword); + checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl); + checkIfNullProperty(Config.AAF_URL, aafUrl); + checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement); + // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv); + logger.debug(" *** init Filter Config *** "); + super.init(filterConfig); + } + + +} diff --git a/adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/WebSecurityConfigImpl.java b/adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/WebSecurityConfigImpl.java index 232381385f..4d922a4cd0 100644 --- a/adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/WebSecurityConfigImpl.java +++ b/adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/WebSecurityConfigImpl.java @@ -24,27 +24,57 @@ package org.onap.so.adapters.sdnc; import org.onap.so.security.MSOSpringFirewall; import org.onap.so.security.WebSecurityConfig; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.firewall.StrictHttpFirewall; import org.springframework.util.StringUtils; +@Configuration @EnableWebSecurity public class WebSecurityConfigImpl extends WebSecurityConfig { - @Override - protected void configure(HttpSecurity http) throws Exception { - http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info", "/services").permitAll() - .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and() - .httpBasic(); + @Profile({"basic", "test"}) + @Bean + public WebSecurityConfigurerAdapter basicAuth() { + return new WebSecurityConfigurerAdapter() { + @Override + protected void configure(HttpSecurity http) throws Exception { + http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info", "/services") + .permitAll().antMatchers("/**") + .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic(); + } + + @Override + public void configure(WebSecurity web) throws Exception { + super.configure(web); + StrictHttpFirewall firewall = new MSOSpringFirewall(); + web.httpFirewall(firewall); + } + + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService()) + .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder()); + } + + }; } - @Override - public void configure(WebSecurity web) throws Exception { - super.configure(web); - StrictHttpFirewall firewall = new MSOSpringFirewall(); - web.httpFirewall(firewall); + @Profile("aaf") + @Bean + public WebSecurityConfigurerAdapter noAuth() { + return new WebSecurityConfigurerAdapter() { + @Override + protected void configure(HttpSecurity http) throws Exception { + http.authorizeRequests().anyRequest().permitAll(); + } + }; } } diff --git a/adapters/mso-sdnc-adapter/src/main/resources/application-aaf.yaml b/adapters/mso-sdnc-adapter/src/main/resources/application-aaf.yaml new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/adapters/mso-sdnc-adapter/src/main/resources/application-aaf.yaml diff --git a/adapters/mso-sdnc-adapter/src/main/resources/application-basic.yaml b/adapters/mso-sdnc-adapter/src/main/resources/application-basic.yaml new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/adapters/mso-sdnc-adapter/src/main/resources/application-basic.yaml diff --git a/adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/SecurityFilters.java b/adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/SecurityFilters.java new file mode 100644 index 0000000000..319d79e0fb --- /dev/null +++ b/adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/SecurityFilters.java @@ -0,0 +1,41 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP - SO + * ================================================================================ + * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.so.adapters.vfc; + +import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.core.Ordered; + +@Configuration +@Profile("aaf") +public class SecurityFilters { + + @Bean + public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() { + FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>(); + filterRegistrationBean.setFilter(new SoCadiFilter()); + filterRegistrationBean.setName("cadiFilter"); + filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE); + return filterRegistrationBean; + } +} diff --git a/adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/SoCadiFilter.java b/adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/SoCadiFilter.java new file mode 100644 index 0000000000..89526d4cda --- /dev/null +++ b/adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/SoCadiFilter.java @@ -0,0 +1,117 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP SO + * ================================================================================ + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights + * reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END============================================ + * =================================================================== + * + */ +package org.onap.so.adapters.vfc; + +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.filter.CadiFilter; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Profile; +import org.springframework.stereotype.Component; + +@Component +@Profile("aaf") +public class SoCadiFilter extends CadiFilter { + + protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class); + + private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT"; + private static String AAF_API_VERSION = "aaf_api_version"; + + @Value("${mso.config.cadi.cadiLoglevel:#{null}}") + private String cadiLoglevel; + + @Value("${mso.config.cadi.cadiKeyFile:#{null}}") + private String cadiKeyFile; + + @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}") + private String cadiTrustStorePassword; + + @Value("${mso.config.cadi.cadiTrustStore:#{null}}") + private String cadiTrustStore; + + @Value("${mso.config.cadi.cadiLatitude:#{null}}") + private String cadiLatitude; + + @Value("${mso.config.cadi.cadiLongitude:#{null}}") + private String cadiLongitude; + + @Value("${mso.config.cadi.aafEnv:#{null}}") + private String aafEnv; + + @Value("${mso.config.cadi.aafApiVersion:#{null}}") + private String aafApiVersion; + + @Value("${mso.config.cadi.aafRootNs:#{null}}") + private String aafRootNs; + + @Value("${mso.config.cadi.aafId:#{null}}") + private String aafMechId; + + @Value("${mso.config.cadi.aafPassword:#{null}}") + private String aafMechIdPassword; + + @Value("${mso.config.cadi.aafLocateUrl:#{null}}") + private String aafLocateUrl; + + @Value("${mso.config.cadi.aafUrl:#{null}}") + private String aafUrl; + + @Value("${mso.config.cadi.apiEnforcement:#{null}}") + private String apiEnforcement; + + private void checkIfNullProperty(String key, String value) { + /* + * When value is null, it is not defined in application.yaml set nothing in System properties + */ + if (value != null) { + System.setProperty(key, value); + } + } + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel); + checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile); + checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore); + checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword); + checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude); + checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude); + checkIfNullProperty(Config.AAF_ENV, aafEnv); + checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion); + checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs); + checkIfNullProperty(Config.AAF_APPID, aafMechId); + checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword); + checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl); + checkIfNullProperty(Config.AAF_URL, aafUrl); + checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement); + // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv); + logger.debug(" *** init Filter Config *** "); + super.init(filterConfig); + } + + +} diff --git a/adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/WebSecurityConfigImpl.java b/adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/WebSecurityConfigImpl.java index e94e34d87c..28ac311b4e 100644 --- a/adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/WebSecurityConfigImpl.java +++ b/adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/WebSecurityConfigImpl.java @@ -24,27 +24,57 @@ package org.onap.so.adapters.vfc; import org.onap.so.security.MSOSpringFirewall; import org.onap.so.security.WebSecurityConfig; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.firewall.StrictHttpFirewall; import org.springframework.util.StringUtils; +@Configuration @EnableWebSecurity public class WebSecurityConfigImpl extends WebSecurityConfig { - @Override - protected void configure(HttpSecurity http) throws Exception { - http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info", "/services").permitAll() - .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and() - .httpBasic(); + @Profile({"basic", "test"}) + @Bean + public WebSecurityConfigurerAdapter basicAuth() { + return new WebSecurityConfigurerAdapter() { + @Override + protected void configure(HttpSecurity http) throws Exception { + http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info", "/services") + .permitAll().antMatchers("/**") + .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic(); + } + + @Override + public void configure(WebSecurity web) throws Exception { + super.configure(web); + StrictHttpFirewall firewall = new MSOSpringFirewall(); + web.httpFirewall(firewall); + } + + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService()) + .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder()); + } + + }; } - @Override - public void configure(WebSecurity web) throws Exception { - super.configure(web); - StrictHttpFirewall firewall = new MSOSpringFirewall(); - web.httpFirewall(firewall); + @Profile("aaf") + @Bean + public WebSecurityConfigurerAdapter noAuth() { + return new WebSecurityConfigurerAdapter() { + @Override + protected void configure(HttpSecurity http) throws Exception { + http.authorizeRequests().anyRequest().permitAll(); + } + }; } } diff --git a/adapters/mso-vfc-adapter/src/main/resources/application-aaf.yaml b/adapters/mso-vfc-adapter/src/main/resources/application-aaf.yaml new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/adapters/mso-vfc-adapter/src/main/resources/application-aaf.yaml diff --git a/adapters/mso-vfc-adapter/src/main/resources/application-basic.yaml b/adapters/mso-vfc-adapter/src/main/resources/application-basic.yaml new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/adapters/mso-vfc-adapter/src/main/resources/application-basic.yaml diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SecurityFilters.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SecurityFilters.java new file mode 100644 index 0000000000..3876d77a80 --- /dev/null +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SecurityFilters.java @@ -0,0 +1,41 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP - SO + * ================================================================================ + * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.so.adapters.vnfmadapter; + +import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.core.Ordered; + +@Configuration +@Profile("aaf") +public class SecurityFilters { + + @Bean + public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() { + FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>(); + filterRegistrationBean.setFilter(new SoCadiFilter()); + filterRegistrationBean.setName("cadiFilter"); + filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE); + return filterRegistrationBean; + } +} diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SoCadiFilter.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SoCadiFilter.java new file mode 100644 index 0000000000..aefb36c6bb --- /dev/null +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SoCadiFilter.java @@ -0,0 +1,117 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP SO + * ================================================================================ + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights + * reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END============================================ + * =================================================================== + * + */ +package org.onap.so.adapters.vnfmadapter; + +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.filter.CadiFilter; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Profile; +import org.springframework.stereotype.Component; + +@Component +@Profile("aaf") +public class SoCadiFilter extends CadiFilter { + + protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class); + + private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT"; + private static String AAF_API_VERSION = "aaf_api_version"; + + @Value("${mso.config.cadi.cadiLoglevel:#{null}}") + private String cadiLoglevel; + + @Value("${mso.config.cadi.cadiKeyFile:#{null}}") + private String cadiKeyFile; + + @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}") + private String cadiTrustStorePassword; + + @Value("${mso.config.cadi.cadiTrustStore:#{null}}") + private String cadiTrustStore; + + @Value("${mso.config.cadi.cadiLatitude:#{null}}") + private String cadiLatitude; + + @Value("${mso.config.cadi.cadiLongitude:#{null}}") + private String cadiLongitude; + + @Value("${mso.config.cadi.aafEnv:#{null}}") + private String aafEnv; + + @Value("${mso.config.cadi.aafApiVersion:#{null}}") + private String aafApiVersion; + + @Value("${mso.config.cadi.aafRootNs:#{null}}") + private String aafRootNs; + + @Value("${mso.config.cadi.aafId:#{null}}") + private String aafMechId; + + @Value("${mso.config.cadi.aafPassword:#{null}}") + private String aafMechIdPassword; + + @Value("${mso.config.cadi.aafLocateUrl:#{null}}") + private String aafLocateUrl; + + @Value("${mso.config.cadi.aafUrl:#{null}}") + private String aafUrl; + + @Value("${mso.config.cadi.apiEnforcement:#{null}}") + private String apiEnforcement; + + private void checkIfNullProperty(String key, String value) { + /* + * When value is null, it is not defined in application.yaml set nothing in System properties + */ + if (value != null) { + System.setProperty(key, value); + } + } + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel); + checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile); + checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore); + checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword); + checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude); + checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude); + checkIfNullProperty(Config.AAF_ENV, aafEnv); + checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion); + checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs); + checkIfNullProperty(Config.AAF_APPID, aafMechId); + checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword); + checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl); + checkIfNullProperty(Config.AAF_URL, aafUrl); + checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement); + // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv); + logger.debug(" *** init Filter Config *** "); + super.init(filterConfig); + } + + +} diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java index 792002354b..e43efd014a 100644 --- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java @@ -1,20 +1,22 @@ /*- * ============LICENSE_START======================================================= - * Copyright (C) 2019 Nordix Foundation. + * ONAP - SO + * ================================================================================ + * Copyright (C) 2017 - 2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Modifications Copyright (c) 2019 Samsung * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 * ============LICENSE_END========================================================= */ @@ -23,37 +25,64 @@ package org.onap.so.adapters.vnfmadapter; import org.onap.so.security.MSOSpringFirewall; import org.onap.so.security.WebSecurityConfig; import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.firewall.StrictHttpFirewall; import org.springframework.util.StringUtils; -/** - * Configure the web security for the application. - */ +@Configuration @EnableWebSecurity public class WebSecurityConfigImpl extends WebSecurityConfig { @Value("${server.ssl.client-auth:none}") private String clientAuth; - @Override - protected void configure(final HttpSecurity http) throws Exception { - if (("need").equalsIgnoreCase(clientAuth)) { - http.csrf().disable().authorizeRequests().anyRequest().permitAll(); - } else { - http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() - .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and() - .httpBasic(); - } + @Profile({"basic", "test"}) + @Bean + public WebSecurityConfigurerAdapter basicAuth() { + return new WebSecurityConfigurerAdapter() { + @Override + protected void configure(HttpSecurity http) throws Exception { + if (("need").equalsIgnoreCase(clientAuth)) { + http.csrf().disable().authorizeRequests().anyRequest().permitAll(); + } else { + http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() + .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")) + .and().httpBasic(); + } + } + + @Override + public void configure(WebSecurity web) throws Exception { + super.configure(web); + StrictHttpFirewall firewall = new MSOSpringFirewall(); + web.httpFirewall(firewall); + } + + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService()) + .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder()); + } + + }; } - @Override - public void configure(final WebSecurity web) throws Exception { - super.configure(web); - final StrictHttpFirewall firewall = new MSOSpringFirewall(); - web.httpFirewall(firewall); + @Profile("aaf") + @Bean + public WebSecurityConfigurerAdapter noAuth() { + return new WebSecurityConfigurerAdapter() { + @Override + protected void configure(HttpSecurity http) throws Exception { + http.authorizeRequests().anyRequest().permitAll(); + } + }; } } diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-aaf.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-aaf.yaml new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-aaf.yaml diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-basic.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-basic.yaml new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-basic.yaml diff --git a/asdc-controller/src/main/java/org/onap/so/asdc/SecurityFilters.java b/asdc-controller/src/main/java/org/onap/so/asdc/SecurityFilters.java new file mode 100644 index 0000000000..29c9d8f952 --- /dev/null +++ b/asdc-controller/src/main/java/org/onap/so/asdc/SecurityFilters.java @@ -0,0 +1,41 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP - SO + * ================================================================================ + * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.so.asdc; + +import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.core.Ordered; + +@Configuration +@Profile("!test & aaf") +public class SecurityFilters { + + @Bean + public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() { + FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>(); + filterRegistrationBean.setFilter(new SoCadiFilter()); + filterRegistrationBean.setName("cadiFilter"); + filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE); + return filterRegistrationBean; + } +} diff --git a/asdc-controller/src/main/java/org/onap/so/asdc/SoCadiFilter.java b/asdc-controller/src/main/java/org/onap/so/asdc/SoCadiFilter.java new file mode 100644 index 0000000000..52144e264e --- /dev/null +++ b/asdc-controller/src/main/java/org/onap/so/asdc/SoCadiFilter.java @@ -0,0 +1,117 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP SO + * ================================================================================ + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights + * reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END============================================ + * =================================================================== + * + */ +package org.onap.so.asdc; + +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.filter.CadiFilter; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Profile; +import org.springframework.stereotype.Component; + +@Component +@Profile("!test & aaf") +public class SoCadiFilter extends CadiFilter { + + protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class); + + private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT"; + private static String AAF_API_VERSION = "aaf_api_version"; + + @Value("${mso.config.cadi.cadiLoglevel:#{null}}") + private String cadiLoglevel; + + @Value("${mso.config.cadi.cadiKeyFile:#{null}}") + private String cadiKeyFile; + + @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}") + private String cadiTrustStorePassword; + + @Value("${mso.config.cadi.cadiTrustStore:#{null}}") + private String cadiTrustStore; + + @Value("${mso.config.cadi.cadiLatitude:#{null}}") + private String cadiLatitude; + + @Value("${mso.config.cadi.cadiLongitude:#{null}}") + private String cadiLongitude; + + @Value("${mso.config.cadi.aafEnv:#{null}}") + private String aafEnv; + + @Value("${mso.config.cadi.aafApiVersion:#{null}}") + private String aafApiVersion; + + @Value("${mso.config.cadi.aafRootNs:#{null}}") + private String aafRootNs; + + @Value("${mso.config.cadi.aafId:#{null}}") + private String aafMechId; + + @Value("${mso.config.cadi.aafPassword:#{null}}") + private String aafMechIdPassword; + + @Value("${mso.config.cadi.aafLocateUrl:#{null}}") + private String aafLocateUrl; + + @Value("${mso.config.cadi.aafUrl:#{null}}") + private String aafUrl; + + @Value("${mso.config.cadi.apiEnforcement:#{null}}") + private String apiEnforcement; + + private void checkIfNullProperty(String key, String value) { + /* + * When value is null, it is not defined in application.yaml set nothing in System properties + */ + if (value != null) { + System.setProperty(key, value); + } + } + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel); + checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile); + checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore); + checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword); + checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude); + checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude); + checkIfNullProperty(Config.AAF_ENV, aafEnv); + checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion); + checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs); + checkIfNullProperty(Config.AAF_APPID, aafMechId); + checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword); + checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl); + checkIfNullProperty(Config.AAF_URL, aafUrl); + checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement); + // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv); + logger.debug(" *** init Filter Config *** "); + super.init(filterConfig); + } + + +} diff --git a/asdc-controller/src/main/java/org/onap/so/asdc/WebSecurityConfigImpl.java b/asdc-controller/src/main/java/org/onap/so/asdc/WebSecurityConfigImpl.java index b45b4f0749..8722d193fe 100644 --- a/asdc-controller/src/main/java/org/onap/so/asdc/WebSecurityConfigImpl.java +++ b/asdc-controller/src/main/java/org/onap/so/asdc/WebSecurityConfigImpl.java @@ -22,27 +22,57 @@ package org.onap.so.asdc; import org.onap.so.security.MSOSpringFirewall; import org.onap.so.security.WebSecurityConfig; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.firewall.StrictHttpFirewall; import org.springframework.util.StringUtils; +@Configuration @EnableWebSecurity public class WebSecurityConfigImpl extends WebSecurityConfig { - @Override - protected void configure(HttpSecurity http) throws Exception { - http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() - .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and() - .httpBasic(); + @Profile({"basic", "test"}) + @Bean + public WebSecurityConfigurerAdapter basicAuth() { + return new WebSecurityConfigurerAdapter() { + @Override + protected void configure(HttpSecurity http) throws Exception { + http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() + .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and() + .httpBasic(); + } + + @Override + public void configure(WebSecurity web) throws Exception { + super.configure(web); + StrictHttpFirewall firewall = new MSOSpringFirewall(); + web.httpFirewall(firewall); + } + + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService()) + .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder()); + } + + }; } - @Override - public void configure(WebSecurity web) throws Exception { - super.configure(web); - StrictHttpFirewall firewall = new MSOSpringFirewall(); - web.httpFirewall(firewall); + @Profile("aaf") + @Bean + public WebSecurityConfigurerAdapter noAuth() { + return new WebSecurityConfigurerAdapter() { + @Override + protected void configure(HttpSecurity http) throws Exception { + http.authorizeRequests().anyRequest().permitAll(); + } + }; } } diff --git a/asdc-controller/src/main/resources/application-aaf.yaml b/asdc-controller/src/main/resources/application-aaf.yaml new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/asdc-controller/src/main/resources/application-aaf.yaml diff --git a/asdc-controller/src/main/resources/application-basic.yaml b/asdc-controller/src/main/resources/application-basic.yaml new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/asdc-controller/src/main/resources/application-basic.yaml diff --git a/bpmn/mso-infrastructure-bpmn/pom.xml b/bpmn/mso-infrastructure-bpmn/pom.xml index 1ae0dd48f7..c3c26ef5e7 100644 --- a/bpmn/mso-infrastructure-bpmn/pom.xml +++ b/bpmn/mso-infrastructure-bpmn/pom.xml @@ -304,5 +304,16 @@ <version>1.7.0</version> <scope>test</scope> </dependency> + <dependency> + <groupId>org.onap.aaf.authz</groupId> + <artifactId>aaf-cadi-aaf</artifactId> + <version>2.1.9</version> + <exclusions> + <exclusion> + <groupId>javax.servlet</groupId> + <artifactId>servlet-api</artifactId> + </exclusion> + </exclusions> + </dependency> </dependencies> </project> diff --git a/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SecurityFilters.java b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SecurityFilters.java new file mode 100644 index 0000000000..bdc1c504f0 --- /dev/null +++ b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SecurityFilters.java @@ -0,0 +1,41 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP - SO + * ================================================================================ + * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.so.bpmn.infrastructure; + +import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.core.Ordered; + +@Configuration +@Profile("aaf") +public class SecurityFilters { + + @Bean + public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() { + FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>(); + filterRegistrationBean.setFilter(new SoCadiFilter()); + filterRegistrationBean.setName("cadiFilter"); + filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE); + return filterRegistrationBean; + } +} diff --git a/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SoCadiFilter.java b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SoCadiFilter.java new file mode 100644 index 0000000000..cb60d5d219 --- /dev/null +++ b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SoCadiFilter.java @@ -0,0 +1,117 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP SO + * ================================================================================ + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights + * reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END============================================ + * =================================================================== + * + */ +package org.onap.so.bpmn.infrastructure; + +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.filter.CadiFilter; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Profile; +import org.springframework.stereotype.Component; + +@Component +@Profile("aaf") +public class SoCadiFilter extends CadiFilter { + + protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class); + + private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT"; + private static String AAF_API_VERSION = "aaf_api_version"; + + @Value("${mso.config.cadi.cadiLoglevel:#{null}}") + private String cadiLoglevel; + + @Value("${mso.config.cadi.cadiKeyFile:#{null}}") + private String cadiKeyFile; + + @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}") + private String cadiTrustStorePassword; + + @Value("${mso.config.cadi.cadiTrustStore:#{null}}") + private String cadiTrustStore; + + @Value("${mso.config.cadi.cadiLatitude:#{null}}") + private String cadiLatitude; + + @Value("${mso.config.cadi.cadiLongitude:#{null}}") + private String cadiLongitude; + + @Value("${mso.config.cadi.aafEnv:#{null}}") + private String aafEnv; + + @Value("${mso.config.cadi.aafApiVersion:#{null}}") + private String aafApiVersion; + + @Value("${mso.config.cadi.aafRootNs:#{null}}") + private String aafRootNs; + + @Value("${mso.config.cadi.aafId:#{null}}") + private String aafMechId; + + @Value("${mso.config.cadi.aafPassword:#{null}}") + private String aafMechIdPassword; + + @Value("${mso.config.cadi.aafLocateUrl:#{null}}") + private String aafLocateUrl; + + @Value("${mso.config.cadi.aafUrl:#{null}}") + private String aafUrl; + + @Value("${mso.config.cadi.apiEnforcement:#{null}}") + private String apiEnforcement; + + private void checkIfNullProperty(String key, String value) { + /* + * When value is null, it is not defined in application.yaml set nothing in System properties + */ + if (value != null) { + System.setProperty(key, value); + } + } + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel); + checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile); + checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore); + checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword); + checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude); + checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude); + checkIfNullProperty(Config.AAF_ENV, aafEnv); + checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion); + checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs); + checkIfNullProperty(Config.AAF_APPID, aafMechId); + checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword); + checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl); + checkIfNullProperty(Config.AAF_URL, aafUrl); + checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement); + // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv); + logger.debug(" *** init Filter Config *** "); + super.init(filterConfig); + } + + +} diff --git a/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java index 1ed3214214..bcc38ec9e0 100644 --- a/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java +++ b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java @@ -24,28 +24,57 @@ package org.onap.so.bpmn.infrastructure; import org.onap.so.security.MSOSpringFirewall; import org.onap.so.security.WebSecurityConfig; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.firewall.StrictHttpFirewall; import org.springframework.util.StringUtils; +@Configuration @EnableWebSecurity public class WebSecurityConfigImpl extends WebSecurityConfig { - @Override - protected void configure(HttpSecurity http) throws Exception { - http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() - .antMatchers("/async/services/**", "/workflow/services/*", "/SDNCAdapterCallbackService", - "/WorkflowMessage", "/vnfAdapterNotify", "/vnfAdapterRestNotify") - .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic(); - } + @Profile({"basic", "test"}) + @Bean + public WebSecurityConfigurerAdapter basicAuth() { + return new WebSecurityConfigurerAdapter() { + @Override + protected void configure(HttpSecurity http) throws Exception { + http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() + .antMatchers("/async/services/**", "/workflow/services/*", "/SDNCAdapterCallbackService", + "/WorkflowMessage", "/vnfAdapterNotify", "/vnfAdapterRestNotify") + .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic(); + } + + @Override + public void configure(WebSecurity web) throws Exception { + super.configure(web); + StrictHttpFirewall firewall = new MSOSpringFirewall(); + web.httpFirewall(firewall); + } - @Override - public void configure(WebSecurity web) throws Exception { - super.configure(web); - StrictHttpFirewall firewall = new MSOSpringFirewall(); - web.httpFirewall(firewall); + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService()) + .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder()); + } + + }; } + @Profile("aaf") + @Bean + public WebSecurityConfigurerAdapter noAuth() { + return new WebSecurityConfigurerAdapter() { + @Override + protected void configure(HttpSecurity http) throws Exception { + http.authorizeRequests().anyRequest().permitAll(); + } + }; + } } diff --git a/bpmn/mso-infrastructure-bpmn/src/main/resources/application-aaf.yaml b/bpmn/mso-infrastructure-bpmn/src/main/resources/application-aaf.yaml new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/bpmn/mso-infrastructure-bpmn/src/main/resources/application-aaf.yaml diff --git a/bpmn/mso-infrastructure-bpmn/src/main/resources/application-basic.yaml b/bpmn/mso-infrastructure-bpmn/src/main/resources/application-basic.yaml new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/bpmn/mso-infrastructure-bpmn/src/main/resources/application-basic.yaml diff --git a/bpmn/so-bpmn-infrastructure-common/src/test/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java b/bpmn/so-bpmn-infrastructure-common/src/test/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java index 1ed3214214..58e58464e1 100644 --- a/bpmn/so-bpmn-infrastructure-common/src/test/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java +++ b/bpmn/so-bpmn-infrastructure-common/src/test/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java @@ -24,28 +24,46 @@ package org.onap.so.bpmn.infrastructure; import org.onap.so.security.MSOSpringFirewall; import org.onap.so.security.WebSecurityConfig; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.firewall.StrictHttpFirewall; import org.springframework.util.StringUtils; +@Configuration @EnableWebSecurity public class WebSecurityConfigImpl extends WebSecurityConfig { - @Override - protected void configure(HttpSecurity http) throws Exception { - http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() - .antMatchers("/async/services/**", "/workflow/services/*", "/SDNCAdapterCallbackService", - "/WorkflowMessage", "/vnfAdapterNotify", "/vnfAdapterRestNotify") - .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic(); - } + @Bean + @Profile("test") + public WebSecurityConfigurerAdapter basicAuth() { + return new WebSecurityConfigurerAdapter() { + @Override + protected void configure(HttpSecurity http) throws Exception { + http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() + .antMatchers("/async/services/**", "/workflow/services/*", "/SDNCAdapterCallbackService", + "/WorkflowMessage", "/vnfAdapterNotify", "/vnfAdapterRestNotify") + .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic(); + } - @Override - public void configure(WebSecurity web) throws Exception { - super.configure(web); - StrictHttpFirewall firewall = new MSOSpringFirewall(); - web.httpFirewall(firewall); - } + @Override + public void configure(WebSecurity web) throws Exception { + super.configure(web); + StrictHttpFirewall firewall = new MSOSpringFirewall(); + web.httpFirewall(firewall); + } + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService()) + .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder()); + } + + }; + } } diff --git a/common/pom.xml b/common/pom.xml index 3690d7b5a1..7c7eec21cc 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -131,6 +131,17 @@ <scope>test</scope> </dependency> <dependency> + <groupId>org.onap.aaf.authz</groupId> + <artifactId>aaf-cadi-aaf</artifactId> + <version>2.1.9</version> + <exclusions> + <exclusion> + <groupId>javax.servlet</groupId> + <artifactId>servlet-api</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> <groupId>org.reflections</groupId> <artifactId>reflections</artifactId> <version>0.9.11</version> diff --git a/common/src/main/java/org/onap/so/security/WebSecurityConfig.java b/common/src/main/java/org/onap/so/security/WebSecurityConfig.java index 635784c642..44ac62d14f 100644 --- a/common/src/main/java/org/onap/so/security/WebSecurityConfig.java +++ b/common/src/main/java/org/onap/so/security/WebSecurityConfig.java @@ -32,7 +32,7 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; @ConfigurationProperties(prefix = "spring.security") -public class WebSecurityConfig extends WebSecurityConfigurerAdapter { +public class WebSecurityConfig { private List<UserCredentials> credentials; private List<String> roles = new ArrayList<>(); @@ -65,10 +65,4 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { public BCryptPasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } - - @Override - protected void configure(AuthenticationManagerBuilder auth) throws Exception { - auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder()); - } - } diff --git a/mso-api-handlers/mso-api-handler-infra/pom.xml b/mso-api-handlers/mso-api-handler-infra/pom.xml index 82b86f89cc..84a80e6617 100644 --- a/mso-api-handlers/mso-api-handler-infra/pom.xml +++ b/mso-api-handlers/mso-api-handler-infra/pom.xml @@ -225,6 +225,17 @@ <groupId>io.micrometer</groupId> <artifactId>micrometer-registry-prometheus</artifactId> </dependency> + <dependency> + <groupId>org.onap.aaf.authz</groupId> + <artifactId>aaf-cadi-aaf</artifactId> + <version>2.1.9</version> + <exclusions> + <exclusion> + <groupId>javax.servlet</groupId> + <artifactId>servlet-api</artifactId> + </exclusion> + </exclusions> + </dependency> </dependencies> <build> diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SecurityFilters.java b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SecurityFilters.java new file mode 100644 index 0000000000..0cf63b9605 --- /dev/null +++ b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SecurityFilters.java @@ -0,0 +1,41 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP - SO + * ================================================================================ + * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.so.apihandlerinfra; + +import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.core.Ordered; + +@Configuration +@Profile("aaf") +public class SecurityFilters { + + @Bean + public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() { + FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>(); + filterRegistrationBean.setFilter(new SoCadiFilter()); + filterRegistrationBean.setName("cadiFilter"); + filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE); + return filterRegistrationBean; + } +} diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SoCadiFilter.java b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SoCadiFilter.java new file mode 100644 index 0000000000..6510440991 --- /dev/null +++ b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SoCadiFilter.java @@ -0,0 +1,117 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP SO + * ================================================================================ + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights + * reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END============================================ + * =================================================================== + * + */ +package org.onap.so.apihandlerinfra; + +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.filter.CadiFilter; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Profile; +import org.springframework.stereotype.Component; + +@Component +@Profile("aaf") +public class SoCadiFilter extends CadiFilter { + + protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class); + + private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT"; + private static String AAF_API_VERSION = "aaf_api_version"; + + @Value("${mso.config.cadi.cadiLoglevel:#{null}}") + private String cadiLoglevel; + + @Value("${mso.config.cadi.cadiKeyFile:#{null}}") + private String cadiKeyFile; + + @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}") + private String cadiTrustStorePassword; + + @Value("${mso.config.cadi.cadiTrustStore:#{null}}") + private String cadiTrustStore; + + @Value("${mso.config.cadi.cadiLatitude:#{null}}") + private String cadiLatitude; + + @Value("${mso.config.cadi.cadiLongitude:#{null}}") + private String cadiLongitude; + + @Value("${mso.config.cadi.aafEnv:#{null}}") + private String aafEnv; + + @Value("${mso.config.cadi.aafApiVersion:#{null}}") + private String aafApiVersion; + + @Value("${mso.config.cadi.aafRootNs:#{null}}") + private String aafRootNs; + + @Value("${mso.config.cadi.aafId:#{null}}") + private String aafMechId; + + @Value("${mso.config.cadi.aafPassword:#{null}}") + private String aafMechIdPassword; + + @Value("${mso.config.cadi.aafLocateUrl:#{null}}") + private String aafLocateUrl; + + @Value("${mso.config.cadi.aafUrl:#{null}}") + private String aafUrl; + + @Value("${mso.config.cadi.apiEnforcement:#{null}}") + private String apiEnforcement; + + private void checkIfNullProperty(String key, String value) { + /* + * When value is null, it is not defined in application.yaml set nothing in System properties + */ + if (value != null) { + System.setProperty(key, value); + } + } + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel); + checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile); + checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore); + checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword); + checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude); + checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude); + checkIfNullProperty(Config.AAF_ENV, aafEnv); + checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion); + checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs); + checkIfNullProperty(Config.AAF_APPID, aafMechId); + checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword); + checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl); + checkIfNullProperty(Config.AAF_URL, aafUrl); + checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement); + // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv); + logger.debug(" *** init Filter Config *** "); + super.init(filterConfig); + } + + +} diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/WebSecurityConfigImpl.java b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/WebSecurityConfigImpl.java index 632f371af5..a0f4615f87 100644 --- a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/WebSecurityConfigImpl.java +++ b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/WebSecurityConfigImpl.java @@ -24,33 +24,57 @@ package org.onap.so.apihandlerinfra; import org.onap.so.security.MSOSpringFirewall; import org.onap.so.security.WebSecurityConfig; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.core.annotation.Order; +import org.springframework.context.annotation.Profile; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.firewall.StrictHttpFirewall; import org.springframework.util.StringUtils; @EnableWebSecurity @Configuration("att-security-config") -@Order(2) +// @Order(2) public class WebSecurityConfigImpl extends WebSecurityConfig { + @Profile({"basic", "test"}) + @Bean + public WebSecurityConfigurerAdapter basicAuth() { + return new WebSecurityConfigurerAdapter() { + @Override + protected void configure(HttpSecurity http) throws Exception { + http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() + .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and() + .httpBasic(); + } - @Override - protected void configure(HttpSecurity http) throws Exception { - http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() - .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and() - .httpBasic(); + @Override + public void configure(WebSecurity web) throws Exception { + super.configure(web); + StrictHttpFirewall firewall = new MSOSpringFirewall(); + web.httpFirewall(firewall); + } + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService()) + .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder()); + } + }; } - @Override - public void configure(WebSecurity web) throws Exception { - super.configure(web); - StrictHttpFirewall firewall = new MSOSpringFirewall(); - web.httpFirewall(firewall); + @Profile("aaf") + @Bean + public WebSecurityConfigurerAdapter noAuth() { + return new WebSecurityConfigurerAdapter() { + @Override + protected void configure(HttpSecurity http) throws Exception { + http.authorizeRequests().antMatchers("/**").permitAll(); + } + }; } } diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/resources/application-aaf.yaml b/mso-api-handlers/mso-api-handler-infra/src/main/resources/application-aaf.yaml new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/mso-api-handlers/mso-api-handler-infra/src/main/resources/application-aaf.yaml diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/resources/application-basic.yaml b/mso-api-handlers/mso-api-handler-infra/src/main/resources/application-basic.yaml new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/mso-api-handlers/mso-api-handler-infra/src/main/resources/application-basic.yaml diff --git a/packages/docker/src/main/docker/docker-files/Dockerfile.so-app b/packages/docker/src/main/docker/docker-files/Dockerfile.so-app index e8f02f12c6..90f0a6627d 100644 --- a/packages/docker/src/main/docker/docker-files/Dockerfile.so-app +++ b/packages/docker/src/main/docker/docker-files/Dockerfile.so-app @@ -14,6 +14,7 @@ COPY configs/logging/logback-spring.xml /app COPY scripts/start-app.sh /app COPY scripts/wait-for.sh /app COPY ca-certificates/onap-ca.crt /app/ca-certificates/onap-ca.crt +COPY certs/* /app/ RUN chown -R so:so /app && chmod 700 /app/*.sh diff --git a/packages/docker/src/main/docker/docker-files/certs/org.onap.so.jks b/packages/docker/src/main/docker/docker-files/certs/org.onap.so.jks Binary files differnew file mode 100644 index 0000000000..1e849afb5e --- /dev/null +++ b/packages/docker/src/main/docker/docker-files/certs/org.onap.so.jks diff --git a/packages/docker/src/main/docker/docker-files/certs/org.onap.so.keyfile b/packages/docker/src/main/docker/docker-files/certs/org.onap.so.keyfile new file mode 100644 index 0000000000..9000ed29fb --- /dev/null +++ b/packages/docker/src/main/docker/docker-files/certs/org.onap.so.keyfile @@ -0,0 +1,27 @@ +xVdhDotWIx2RB3f8RxAFQb9mkHVVdIzv8eiij9cDjg_5ea5HWPS7OzLR5lv4NA0vStrAMfSAaS2e +j4rzvrlserM9bTRco3JHb-i6ZGYMoTL6kuFJ9JMveSqg-fkwvrm7VcYQJBs1FIE3hRLNqiGJ34ud +hDRp-cGUvNRLIImksKT2fmUyEawLLuE0Lo5aX46y0ibjIMe7clMxLHIS5-WggvkgIOPkVDcxqLT2 +OteGptqW1cjrm1ydbTkLYN6dd7ZmRsT3ULPYLEtPTlZ2vCh7bFBBvP_tjp2cZf4uSPM6EClYAikn +dnTqivOfCZn25r0xeXuectoXbq12fws_jaCH05ZK1wJwAF_cQNfpvaiM457rE672YV3Ev4yhXCyM +1jVL2P9Chl1sSBkZujCftvaj1rlippP9P_eohcLv84mtApEyV49rBFRMtkX9ZVdPyb8shFSoXJxk +M6DentRzY1g37mVJ1B1YMKPNQj95nOD4gLvjbUZ7dATuroENsG7oUWkfaV6dokfTmh504ZbyeqGh +xa7yfr3326fMQBhQMpsyqD2o_Obe5wN57p-vb469w65pUmK7iJDa0Fgxaxy8XNNnw6gCurbbsvyU +nB8UdfhTvL5mJew_tKUvtq_KH9ajnA8giSxuFd9KM6YHJWiFMXIROEQT7hKjTJka1ghERBjcH_pY +hbKtHdvbrS7T2hGwY_MQEUXYQBirtjaEwAvI960hXQt1K-MC8PNLRYtdLKE2Aq3amMt7ZKtrHSeN +33I1MjXc3wRUeOi5A6qImge1Q_Wmn1SURAn9KbEv9eoMUbQUkN1z2iyw4x94BZpBk5GjDypKKOyg +guec0UY3y9wqm5gGW7XvT3v1lZqo5180VgK49iFgA4IhWZ7dnDFQmq6IHTr1pM4kuvJ9dka9saIh +9xCk_KINPp5_dqJ2Lhak2IeRg_Zm3belm1jvYGCyRRqfoi9WGrDh3LLZeK8MHrrfzLI4Toy_n6DG +UNXPrXqrZPREfW2lhYLRfrivOBYWPq9JidQXn1UctSmWdNoMH7XuikBpAwmlInNA_5j9J-L-gf9D +cw2zoby3_wvcm5vxndnocEdhqVVdo7uMmXasQqphuyJP8rgCJf_I1v0Qe5F-JXsj6xDvarOUPOTj +Z93a64EO0KI0OznolRyBqHpIXffbGh7e1EpAE0LMESKJC3Mjmsgz1ld3s7WfdeDK-IxUEHJLHlhY +IjBlY6q3OJDrgvPLkwoWPbI48tmRUJX1BCafvDU6W8crl4VQKhL_l5ANAX5oaKwh-0ZJAZ15tna5 +6fjWcWrtQSdNQxj0jXV7uEcBtRtyPyOk2uw4HJDBLQyyOglUUxcQZJFCFp2fCHmNyttmUJQ5U9cu +yw9lKhsyBJ5TB4psbp64_0EalITeAGrpuH1I1N2m1O5ZY8pmrpPtA1Mb5rQ4IJqiVbZgHTcvSiN5 +Z2SilurhI1vq4_aN_UZJQvEnw9U5WU3ysphsQk8RZKbFH4W9GDtmEGbAkRkTy17KrDIuMpe--XJF +SQHUd4tzxbiYVYHKdF6Ce1kfQ-DEFXEf7RddwuKbc7tw2pSjy1MVH4HSRoTOQQpewZRTfG-4d3MX +B99-QgufEk1OBkfemuDhdnPty5qkOLUEG_uQKPpD0QDVf-t4OxZqk_8G_dCJcXbmY4VT3V7pdN_I +qp2xP98wGcIPuLGlEB8px94jKdUolkqeV_UTmmkTGz-szLzgK_YhnnVJn8VeyNsPTwAFUlqiPTyT +n_7rCb_6nNKlriadaHu6IuJWehv03ZR9jS0P1Y3YLM286deCLFu93lN3nY4yf-SEguASdHJNCBFJ +RQViYm8Tfuim5F0KQGafheGcdZxTvBFihnDduQWNBR_bDB9zfD6OtvvkseyyWHt3gHkJm5QeCjWK +RzRvbjLpUnA31cJeEXmnmhB5qMAvjn8yORKcotn3u4MXdHEk-s8vR_SKykS6IcaYE1xxbowtg-UG +d1iaky1NFYa2VZ4pGx9lD93GDTDynmOSfzVeVsxhTu_5rAanpDkUYVuxOzajmRh55I8a6dRk
\ No newline at end of file diff --git a/packages/docker/src/main/docker/docker-files/certs/org.onap.so.trust.jks b/packages/docker/src/main/docker/docker-files/certs/org.onap.so.trust.jks Binary files differnew file mode 100644 index 0000000000..71c6e776a3 --- /dev/null +++ b/packages/docker/src/main/docker/docker-files/certs/org.onap.so.trust.jks diff --git a/packages/docker/src/main/docker/docker-files/scripts/start-app.sh b/packages/docker/src/main/docker/docker-files/scripts/start-app.sh index cb5586d61d..cea680c682 100644 --- a/packages/docker/src/main/docker/docker-files/scripts/start-app.sh +++ b/packages/docker/src/main/docker/docker-files/scripts/start-app.sh @@ -77,7 +77,11 @@ if [ ! -z "${TRUSTSTORE}" ]; then jksargs="$jksargs -Djavax.net.ssl.trustStorePassword=${TRUSTSTORE_PASSWORD}" fi -jvmargs="${JVM_ARGS} -Djava.security.egd=file:/dev/./urandom -Dlogs_dir=${LOG_PATH} -Dlogging.config=/app/logback-spring.xml $jksargs -Dspring.config.additional-location=$CONFIG_PATH ${SSL_DEBUG} ${DISABLE_SNI}" +if [ -z "${ACTIVE_PROFILE}" ]; then + export ACTIVE_PROFILE="basic" +fi + +jvmargs="${JVM_ARGS} -Dspring.profiles.active=${ACTIVE_PROFILE} -Djava.security.egd=file:/dev/./urandom -Dlogs_dir=${LOG_PATH} -Dlogging.config=/app/logback-spring.xml $jksargs -Dspring.config.additional-location=$CONFIG_PATH ${SSL_DEBUG} ${DISABLE_SNI}" echo "JVM Arguments: ${jvmargs}" |